Skip to content

For an Internet Service Provider, AS numbers are a logical representation of the other ISP peering or communicating with his autonomous system. ISP customers are using the capacity of the Internet Service Provider to reach Internet services over other AS. Some of those communications can be malicious (e.g. due to malware activities on an end-use…

License

Notifications You must be signed in to change notification settings

Rafiot/bgp-ranking

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

BGP AS / ISP Security Ranking

For an Internet Service Provider, AS numbers are a logical representation of the other ISP peering or communicating with his autonomous system. ISP customers are using the capacity of the Internet Service Provider to reach Internet services over other AS. Some of those communications can be malicious (e.g. due to malware activities on an end-user equipments) and hosted at specific AS location.

In order to provide an improved security view on those AS numbers, a trust ranking scheme will be implemented based on existing dataset of compromised systems, malware C&C IP and existing datasets of the ISPs.

The official website of the project is: https://github.com/CIRCL/bgp-ranking/

There is a public BGP Ranking at http://bgpranking.circl.lu/

BGP Ranking is free software licensed under the GNU Affero General Public License

BGP Ranking is a software to rank AS numbers based on malicious activities.

Data access

Database 5 (contains all raw data):

    <YYYY-MM-DD>|sources -> set(sources)
    <YYYY-MM-DD>|<source>|asns -> set(asns)
    <YYYY-MM-DD>|<source>|asn_details -> set(<asn>|<ipblock>)
    <asn>|<ipblock>|<YYYY-MM-DD>|<source> -> set(<ip>|<datetime_isoformat>)

    <asn> -> set(ipblock) # The bloc can be ipv4 or ipv6
                          # WARNING: some of the entries are timestamp, this is
                          # a bug in old data and should be discarded
    <asn>|<ipblock> -> hash(<datetime_isoformat>: <verbose_description_from_riswhois>)

Database 6 (contains rankings):

    <YYYY-MM-DD>|amount_asns -> value(nb_asns_day) # from all the ASNs known by RIPE for a day
    <asn>|<YYYY-MM-DD>|<source>|rankv4 -> value(rank)
    <asn>|<YYYY-MM-DD>|<source>|rankv4|details -> zset((<ipblock>, <computed rank>) )
                            # WARNING: some of the entries are timestamp, this is
                            # a bug in old data and should be discarded
    <asn>|<YYYY-MM-DD>|<source>|rankv6 -> value(rank) # Not used
    <asn>|<YYYY-MM-DD>|<source>|rankv6|details -> zset((<ipblock>, <computed rank>) ) # Not used
                            # WARNING: some of the entries are timestamp, this is
                            # a bug in old data and should be discarded

    <asn>|<YYYY-MM-DD>|clean_set

About

For an Internet Service Provider, AS numbers are a logical representation of the other ISP peering or communicating with his autonomous system. ISP customers are using the capacity of the Internet Service Provider to reach Internet services over other AS. Some of those communications can be malicious (e.g. due to malware activities on an end-use…

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •